<?php
include_once("functions/db_manipulate.php");

if (!init()) {
    redirect("Location: login.php");
    exit();
}

?>
<meta charset="UTF-8">

<?php


connectDB();
startTransaction();

$userResultSet = mysql_query("SELECT nick, id FROM users WHERE id = '" . mysql_real_escape_string($_POST['userid']) . "'") or die(mysql_error());

$changePassResultSet = null;

$restoreUserResultSet = null;

if ($user = mysql_fetch_assoc($userResultSet)) {
    $newPassword = encryptString($user['nick'], $_POST['newpass']);

    $changePassResultSet = mysql_query("UPDATE users SET password = '" . mysql_real_escape_string($newPassword) . "' WHERE id = '" . mysql_real_escape_string($row['id']) . "'") or die(mysql_error());

    $restoreUserResultSet = mysql_query("DELETE FROM forgotpass WHERE userid = '" . mysql_real_escape_string($user['id']) . "'") or die(mysql_error());
}

if ($userResultSet && $changePassResultSet && $restoreUserResultSet) {
    commitTransaction();
} else {
    rollbackTransaction();
}

redirect($_SERVER['HTTP_REFERER']);

?>
